Detailed Action

This office action is in response to the correspondence received on October 13, 
2005. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-21, 24-32 and 41-43 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Coss et al (US Pat No: US006098172A), in view of Minear et al (US
Pat No: US005983350A), hereafter referred to as Coss in view of Minear, respectively.



1. With regards to claims 1, 11 and 21, Coss teaches through Minear, a
computerized method for automatically configuring a firewall operating within an
individual computer comprising: determining a zone for a network address 
dynamically assigned to a network adapter in the individual computer; and 
associating a security policy, for the zone with the network adapter, the security 
policy specifying the firewall configuration to protect the individual computer; 
wherein the security policy is defined by a policy file which includes a policy file 
data structure stored as an XML (extensible markup language) document; 
wherein a security policy section of the policy file data structure includes an entry 
for each security policy that is identified by a policy identifier field and is
associated with a network protocol that is identified by a protocol identifier field; 
wherein the security policy section specifies filters for at least a portion of ports 
and services defined by the network protocol, and each port and service 
associated with the security policy is identified by an element identifier field, a 
field containing filter settings, and a log indicator field; wherein at least one 
security policy is included for a TCP/IP network and includes a PPTP
(point-to-point tunneling protocol), a RIP (routing information protocol), a DHCP
(dynamic host configuration protocol), an ARP (address resolution protocol), an
Ident (identification protocol), ICMP (internet control message protocol) and VPN
(virtual private networking) ports, and a NetBIOS (network basic input/output 
system) service; wherein a default setting for a high security policy on the TCP/IP 
network disallows incoming network traffic through the PPTP and ICMP ports, 
allows incoming network traffic through the RIP, DHCP, ARP and VPN ports, 
disallows access through the NetBIOS service to shared resources on the 
individual computer, and disallows the individual computer from using shared 
resources of other computers on the TCP/IP network, where incoming network 
traffic that attempts to access the individual computer using PPTP and NetBIOS 
is logged; wherein a zone section of the policy file data structure includes an 
entry for each defined address zone and includes an identifier field, an address 
parameters field that defines the zone, and an identifier field for the security 
policy assigned to the zone; wherein a default zone is defined by addresses that 
are outside another zone; wherein the determining and associating is performed
when the network address for the network adapter changes; wherein the security 
policy associated with the network protocol is specific to the network protocol 

(Coss teaches a firewall design. The design disclosure features domain 
selection for an interface, such as a NIC (column 6, lines 53-61 and column 7, 
lines 9-11, lines 53-67, Coss) (equivalent to the claimed determining zone trait). 
The Coss design also features mapping policies to the NIC (column 7, lines 53- 
67, Coss). Plus, the design has configurable security policies (column 4, lines 
17-32, Coss). It is obvious to one skilled in the art that data, such as security 
policies, can be stored in files, such as XML files. In addition the design features 
processes executed from memory to protect by filtering data based upon security 
policies (column 6, lines 49-67, Coss). It is also well known in the art that the 
highest security policy locks down a device from sending or receiving network 
data. Additionally, Coss's design allows policies to compensate for address 
changes (column 7, lines 41-45, Coss). However, much is not said regarding 
which protocols are covered by the policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol
stack..." (column 2, lines 51-54, Minear)). 

2. With regards to claims 2, 12 and 24, Coss teaches through Minear, the 
computerized method further comprising: determining the network address 
assigned to the network adapter 

(Coss's design allows for the determination of the NIC's address (column 6, 
lines 58-61 and column 7, lines 2-4, Coss). However, much is not said regarding 
which protocols are covered by the policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 

3. With regards to claims 3, 18 and 25, Coss teaches through Minear, the 
computerized method wherein the zone is defined by a set of network addresses 

(Coss's design allows the domain selection (zone selection) to be defined by
addresses (column 6, lines 47-67 and column 7, lines 1-4, 61-67, Coss). 
However, much is not said regarding which protocols are covered by the policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 

4. With regards to claims 4, 19, and 26, Coss teaches through Minear, the
computerized method wherein the set of network addresses comprises at least
one address within the zone 

(Coss teaches that the set of addresses comprises at least one address 
within the zone (column 7, lines 2-4, Coss). However, much is not said regarding 
which protocols are covered by the policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. 

Both Coss and Minear teach firewall designs. Thus, it would have been
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 

5. With regards to claims 5, 20 and 27, Coss teaches through Minear, the
computerized method wherein the set of network addresses comprises at least
one address outside the zone 

(Coss's design allows for the handling of at least one address outside the 
zone (column 7, lines 61-67, Coss). However, much is not said regarding which 
protocols are covered by the policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 

6. With regards to claims 6, 13, and 28, Coss teaches through Minear, the
computerized method further comprising: assigning the security policy to the 
zone 

(Coss's design allows for the policies to be applied to zones (column 6, lines 
48-61, Coss). However, much is not said regarding which protocols are covered 
by the policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 

7. With regards to claims 7, 14 and 29, Coss teaches through Minear, the 
computerized method further comprising: retrieving the policy file that contains 
definitions for the zone and the security policy and specifies that the security 
policy is assigned to the zone 

(Coss's design features zone specific policies (column 9, lines 6-9, Coss). 
However, much is not said regarding which protocols are covered by the policies. 

Minear also teaches a firewall design. The design makes use of policies
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 

8. With regards to claims 8, 15 and 30, Coss teaches through Minear, the
computerized method further comprising: creating the policy file from data input
by a user 

(Coss's design allows for user specified policies (column 4, lines 17-19 and 
column 11, lines 3-7, Coss). However, much is not said regarding which 
protocols are covered by the policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for
regulating the flow of messages through a firewall having a network protocol
stack..." (column 2, lines 51-54, Minear)).

Application/Control Number: 09/803,527

Art Unit: 2145



9. With regards to claims 9, 16 and 31, Coss teaches through Minear, the
computerized method further comprising: creating the policy file from data input
by an administrator 

(Coss's design allows for administrator edited policies (column 4, lines 17-19, 
Coss). However, much is not said regarding which protocols are covered by the 
policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 



10. With regards to claims 10, 17 and 32, Coss teaches through Minear, the 
computerized method further comprising: receiving data from a predetermined 
location on the network through the network adapter; and creating the policy file 
from the data 

(Coss's design allows for the downloading of policies (column 9, lines 6-9,
Coss). However, much is not said regarding which protocols are covered by the 
policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 

11. With regards to claim 41, Coss teaches through Minear, the computerized
method wherein the network address dynamically assigned to the network 
adapter is determined by mapping an adapter registry identifier to an associated 
network address stored in an operating system registry 

(Coss's design allows for the downloading of policies (column 9, lines 6-9, 
Coss). However, much is not said regarding which protocols are covered by the 
policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. The claimed addressing
trait is simply a form of protocol. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 

12. With regards to claim 42, Coss teaches through Minear, the computerized 
method wherein the network address dynamically assigned to the network 
adapter is determined by monitoring network traffic at the network adapter and 
examining a predefined limited amount of the network traffic to determine the 
network address 

(Coss's design allows for the downloading of policies (column 9, lines 6-9, 
Coss). However, much is not said regarding which protocols are covered by the 
policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. The claimed addressing 
trait is simply a form of protocol. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 

13. With regards to claim 43, Coss teaches through Minear, the computerized 
method wherein the network address dynamically assigned to the network 
adapter is determined by receiving a network address from a network adapter 
device driver when the network adapter connects to the TCP/IP network 

(Coss's design allows for the downloading of policies (column 9, lines 6-9, 
Coss). However, much is not said regarding which protocols are covered by the 
policies. 

Minear also teaches a firewall design. The design makes use of policies 
which act upon a plurality of protocols (claim 8, Minear). The security policies 
forward data (filter) based upon the protocol at hand. The claimed addressing 
trait is simply a form of protocol. 

Both Coss and Minear teach firewall designs. Thus, it would have been 
obvious to one skilled in the art, during the time of the invention, to have 
combined the teachings of Coss with those of Minear, to provide a method for 
regulating the flow of messages through a firewall having a network protocol 
stack..." (column 2, lines 51-54, Minear)). 

Response to Remarks

The amendment received on October 13, 2005 has been carefully examined but 
is not deemed fully persuasive. The amendment consisted of claim amendments, new 
claims as well as arguments. The new claims describe types of addressing protocols. 
The Minear art already teaches that a plurality of protocols are acceptable (claim 8, 
Minear). Hence the new claims are rejected. The claim amendments were performed 
on the independent claims and detail the now cancelled claim 23 traits along with the 
trait, "wherein the security policy associated with the network protocol is specific to the 
network protocol." However, Minear teaches a design that makes use of policies which 
act upon a plurality of protocols (claim 8, Minear). The security policies forward data 
(filter) based upon the protocol at hand. As for the arguments, they are addressed 
below. 

The first argument concerns the security policy being stored in an XML file. The 
examiner has revised the office action to clarify the office's stance on this concern. It is 
obvious to one skilled in the art that data, such as security policies, can be stored in 
files, such as XML files. 

As for the concern involving the security policy being associated with a network
protocol, this argument is also disagreed upon. Minear teaches a design that
makes use of policies which act upon a plurality of protocols (claim 8, Minear). The 
security policies forward data (filter) based upon the protocol at hand. No limitation is 
placed on the type of protocol that can be applied. This lack of limitation makes sense 
since numerous network protocols exist and such a design can be incorporated within a
variety of protocols. 

As for the concern involving the high security policy disallowing network traffic, 
such a feature is obvious in the art. It is well known in the art that the highest security 
policy locks down a device from sending or receiving network data. 

Finally, the applicant's representative expresses concern over "address outside 
the zone." When means for dynamic address assignment are permissible, it is obvious 
that such an address can be outside the zone. And Coss details how the design allows 
for multiple complex protocols (column 1, lines 61-63, Coss). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Azizul Choudhury whose telephone number is (571) 
272-3909. The examiner can normally be reached on M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jason Cardone can be reached on (571) 272-3933. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




